package com.fish.gaiety.gateway.configuration;

import com.fish.gaiety.gateway.security.model.SecurityUserDetail;
import com.fish.gaiety.gateway.security.service.impl.UserDetailServiceImpl;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
@RequiredArgsConstructor
public class GatewaySecurityConfiguration {

    private final UserDetailServiceImpl userDetailServiceImpl;
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                    .mvcMatchers("/open/*").permitAll()
                .anyRequest()
                    .authenticated()
                .and()
                .userDetailsService(userDetailServiceImpl)
                .httpBasic(withDefaults())
                .csrf()
                    .disable()
                .sessionManagement()
                .maximumSessions(1);
        return http.build();
    }

}
